Add commit signing #155

Merged
merged 3 commits into from
Aug 26, 2024

wesley-dean-gsa
Contributor

This will add commit signing with a GPG key. Documentation on the commit action may be found here:

https://github.com/stefanzweifel/git-auto-commit-action#signing-commits

...and importing the GPG key may be found here:

https://github.com/crazy-max/ghaction-import-gpg

security considerations

This will help us maintain the "force signed commits" option.


github-actions bot commented Aug 8, 2024

🦙 MegaLinter status: ⚠️ WARNING

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 4 | | 0 | 0.1s |
| ⚠️ CSS | scss-lint | 2 | | 1 | 3.44s |
| ✅ JAVASCRIPT | prettier | 6 | 0 | 0 | 1.09s |
| ✅ JSON | jsonlint | 7 | | 0 | 0.37s |
| ✅ JSON | npm-package-json-lint | yes | | no | 0.66s |
| ✅ JSON | prettier | 7 | 0 | 0 | 1.4s |
| ✅ JSON | v8r | 7 | | 0 | 11.23s |
| ✅ MARKDOWN | markdownlint | 20 | 0 | 0 | 1.98s |
| ✅ MARKDOWN | markdown-link-check | 20 | | 0 | 10.24s |
| ✅ MARKDOWN | markdown-table-formatter | 20 | 0 | 0 | 0.45s |
| ✅ REPOSITORY | checkov | yes | | no | 14.75s |
| ✅ REPOSITORY | gitleaks | yes | | no | 0.2s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.24s |
| ⚠️ REPOSITORY | grype | yes | | 3 | 14.3s |
| ✅ REPOSITORY | secretlint | yes | | no | 2.59s |
| ⚠️ REPOSITORY | trivy | yes | | 1 | 9.1s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 1.45s |
| ✅ REPOSITORY | trufflehog | yes | | no | 4.94s |
| ⚠️ SPELL | cspell | 20 | | 1 | 2.7s |
| ✅ YAML | prettier | 14 | 0 | 0 | 1.47s |
| ✅ YAML | v8r | 11 | | 0 | 13.23s |
| ✅ YAML | yamllint | 14 | | 0 | 0.61s |

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security


github-actions bot commented Aug 8, 2024

Pa11y testing results

Welcome to Pa11y

Running Pa11y on URL https://federalist-a2423046-fe43-4e75-a2ef-2651e5e123ca.sites.pages.cloud.gov/preview/gsa-tts/tts.gsa.gov//sign_megalinter_keys/

Results for URL: https://federalist-a2423046-fe43-4e75-a2ef-2651e5e123ca.sites.pages.cloud.gov/preview/gsa-tts/tts.gsa.gov//sign_megalinter_keys/

• Error: This element has insufficient contrast at this conformance level. Expected a contrast ratio of at least 4.5:1, but text in this element has a contrast ratio of 3.68:1. Recommendation: change background to #63686c.
├── WCAG2AA.Principle1.Guideline1_4.1_4_3.G18.Fail
├── #main-content > section:nth-child(3) > div > div > div:nth-child(2) > p
└──

For over 50 years, GSA has been...

• Error: Duplicate id attribute value "svg-bedding" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-bedding
└── <path d="M17 10.13a33.86 33.86 ...

• Error: Duplicate id attribute value "svg-camping" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-camping
└── <path fill-rule="evenodd" d="m1...

• Error: Duplicate id attribute value "svg-chevron_left" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-chevron_left
└── <path d="M0 0h24v24H0z" fill="n...

• Error: Duplicate id attribute value "svg-chevron_right" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-chevron_right
└── <path d="M0 0h24v24H0z" fill="n...

• Error: Duplicate id attribute value "svg-clothes" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-clothes
└── <path d="M15.7 2.37 15 2.3V4a3 ...

• Error: Duplicate id attribute value "svg-construction_worker" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-construction_worker
└── <circle cx="10.5" cy="4.5" r="1...

• Error: Duplicate id attribute value "svg-flickr" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-flickr
└── <path d="M6.459 17a4.444 4.444 ...

• Error: Duplicate id attribute value "svg-flooding" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-flooding
└── <path d="M17 18.16a6 6 0 0 0-2....

• Error: Duplicate id attribute value "svg-github" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-github
└── <path d="M12 2a10 10 0 0 0-3.16...

• Error: Duplicate id attribute value "svg-hospital" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-hospital
└── <path d="M19 3H5a2 2 0 0 0-2 2v...

• Error: Duplicate id attribute value "svg-hurricane" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-hurricane
└── <path d="M19 12a7 7 0 0 0-6.34-...

• Error: Duplicate id attribute value "svg-identification" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-identification
└── <path d="M11 14.14C11 13.38 9.3...

• Error: Duplicate id attribute value "svg-instagram" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-instagram
└── <path d="M8.273 3.063c-.958.045...

• Error: Duplicate id attribute value "svg-linkedin" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-linkedin
└── <path d="M19.667 3A1.322 1.322 ...

• Error: Duplicate id attribute value "svg-navigate_far_before" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-navigate_far_before
└── <path d="M11.41 7.41 10 6l-6 6 ...

• Error: Duplicate id attribute value "svg-navigate_far_next" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-navigate_far_next
└── <path d="m14 6-1.41 1.41L17.17 ...

• Error: Duplicate id attribute value "svg-rain" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-rain
└── <path d="M17.51 7A5.62 5.62 0 0...

• Error: Duplicate id attribute value "svg-severe_weather" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-severe_weather
└── <...

• Error: Duplicate id attribute value "svg-snow" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-snow
└── <path d="m20.76 14.07-.66-1.34-...

• Error: Duplicate id attribute value "svg-sort_arrow" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-sort_arrow
└── <path d="M15.17 15 13 17.17V6.8...

• Error: Duplicate id attribute value "svg-tornado" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-tornado
└── <path d="M13 16v-2h2.77c.08-.32...

• Error: Duplicate id attribute value "svg-twitter" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-twitter
└── <path d="M19.912 7.925v.527A11....

• Error: Duplicate id attribute value "svg-x" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-x
└── <path d="M13.522 10.775 19.48 4...

• Error: Duplicate id attribute value "svg-youtube" found on the web page.
├── WCAG2AA.Principle4.Guideline4_1.4_1_1.F77
├── #svg-youtube
└── <path d="M19.816 5.389a2.469 2....

25 Errors

@wesley-dean-gsa wesley-dean-gsa marked this pull request as ready for review August 22, 2024 21:07
@wesley-dean-gsa wesley-dean-gsa requested a review from a team as a code owner August 22, 2024 21:07
@wesley-dean-gsa
Contributor Author

wesley-dean-gsa commented Aug 26, 2024

We have opted not to enable script integrity hashes at this time. Accepting this poses minimal risk given that of the three libraries being imported, two are TTS-supported (DAP and Search). The decision will be further documented in an ADR.

This comment was for a different PR

auto-merge was automatically disabled August 26, 2024 14:59

Pull request was closed

@wesley-dean-gsa
Contributor Author

I closed the wrong PR. Oopsies.


Pa11y testing results

Welcome to Pa11y

Running Pa11y on URL https://federalist-a2423046-fe43-4e75-a2ef-2651e5e123ca.sites.pages.cloud.gov/preview/gsa-tts/tts.gsa.gov//sign_megalinter_keys/

Results for URL: https://federalist-a2423046-fe43-4e75-a2ef-2651e5e123ca.sites.pages.cloud.gov/preview/gsa-tts/tts.gsa.gov//sign_megalinter_keys/

• Error: This element has insufficient contrast at this conformance level. Expected a contrast ratio of at least 4.5:1, but text in this element has a contrast ratio of 3.68:1. Recommendation: change background to #63686c.
├── WCAG2AA.Principle1.Guideline1_4.1_4_3.G18.Fail
├── #main-content > section:nth-child(3) > div > div > div:nth-child(2) > p
└──

For over 50 years, GSA has been...

1 Errors

Contributor

@debjudy debjudy left a comment

approved 👍

@wesley-dean-gsa wesley-dean-gsa merged commit 8b3226d into main Aug 26, 2024
12 checks passed
@wesley-dean-gsa wesley-dean-gsa deleted the sign_megalinter_keys branch August 26, 2024 19:08
@wesley-dean-gsa
Contributor Author

The repo is configured to require that commits must be signed. Without signing, branches can't be merged:

Screenshot_20240826_150659

Those unsigned commits are coming from MegaLinter:

Screenshot_20240826_150744
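
A local check for the situation described in the comment above, added here as an example (it is not part of the pull request or the repository): it reads `git log` output carrying git's `%G?` signature status and lists the commits a signed-commits rule would reject, grouped by author. The sample hashes and the author names `Jane Developer` and `megalinter-bot` are constructed; treating `U` as acceptable is an assumption, since GitHub evaluates signatures server-side against the keys registered to an account.

```shell
#!/usr/bin/env bash
# Input: one line per commit, "<hash> <%G? status> <author name>", e.g. from
#   git log --format='%H %G? %an' origin/main..HEAD
# %G? codes: G good, U good (unknown validity), X good but signature expired,
# Y good but key expired, R good but key revoked, B bad signature,
# E cannot be checked (e.g. missing key), N no signature.

# Print "<short-hash> <status> <author>" for each commit lacking a usable signature.
# Assumption: only G and U count as signed; everything else is flagged.
unsigned_commits() {
  awk '{
    status = $2
    if (status != "G" && status != "U") {
      author = $0
      sub(/^[^ ]+ [^ ]+ /, "", author)   # keep the full author name, spaces included
      print substr($1, 1, 7), status, author
    }
  }'
}

# Count flagged commits per author, most frequent first ("<count> <author>").
unsigned_by_author() {
  unsigned_commits | cut -d' ' -f3- | sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Gate for CI or a pre-push hook: succeeds only when nothing is flagged.
require_signed() {
  [ -z "$(unsigned_commits)" ]
}

# Constructed sample input (hashes and author names are made up for illustration).
SAMPLE_LOG='1111111aaaaaaa G Jane Developer
2222222bbbbbbb N megalinter-bot
3333333ccccccc N megalinter-bot
4444444ddddddd E Jane Developer'
```

Piping the real `git log` output for a branch range into `unsigned_by_author` shows at a glance whether the blocking commits come from an automation account or from a contributor whose key cannot be checked.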

2 participants